Your rights under the General Data Protection Regulation
Last updated: June 2026
river-quest is committed to protecting your personal data in accordance with the General Data Protection Regulation (GDPR) and the UK Data Protection Act 2018. This page explains how we comply with data protection legislation and outlines your rights as a data subject.
river-quest is the data controller responsible for your personal data. Our contact details are:
river-quest
47 Cloth Hall Street
Leeds, LS1 2HD
United Kingdom
[email protected]
Under GDPR, you have the following rights regarding your personal data:
You have the right to request a copy of the personal data we hold about you. This is commonly known as a Subject Access Request (SAR). We will respond to your request within one month of receipt.
If you believe that any personal data we hold about you is inaccurate or incomplete, you have the right to request that we correct or update this information.
You have the right to erasure, also known as the "right to be forgotten": you can request that we delete your personal data in certain circumstances, such as when the data is no longer necessary for its original purpose.
You have the right to request that we limit how we use your personal data in certain circumstances, such as when you contest the accuracy of the data.
You have the right to receive your personal data in a structured, commonly used, and machine-readable format, and to transmit this data to another controller.
You have the right to object to the processing of your personal data in certain circumstances, including processing for direct marketing purposes.
You have the right not to be subject to decisions based solely on automated processing that produce legal effects or similarly significantly affect you.
To exercise any of your rights, please contact us using the details provided above. We may need to verify your identity before processing your request. There is no fee for most requests, although we may charge a reasonable fee for repetitive, manifestly unfounded, or excessive requests.
We process personal data on the following lawful bases:
We implement appropriate technical and organisational measures to ensure a level of security appropriate to the risk, including:
In the event of a personal data breach that poses a risk to your rights and freedoms, we will notify the Information Commissioner's Office within 72 hours of becoming aware of the breach. Where the breach is likely to result in a high risk to your rights and freedoms, we will also notify you directly.
We do not routinely transfer personal data outside the United Kingdom or European Economic Area. Should such transfers become necessary, we will ensure appropriate safeguards are in place.
Where we undertake processing that is likely to result in a high risk to individuals, we conduct Data Protection Impact Assessments (DPIAs) to identify and minimise data protection risks.
If you are not satisfied with how we handle your personal data or respond to your requests, you have the right to lodge a complaint with the Information Commissioner's Office (ICO):
Information Commissioner's Office
Wycliffe House
Water Lane
Wilmslow
Cheshire SK9 5AF
Website: ico.org.uk
We may update this GDPR information from time to time. Any changes will be posted on this page with an updated revision date.